Method for protection against fraud in a network by icon selection

ABSTRACT

To improve security of operations in a communication network such as Internet, a database containing a plurality of icons is stored in the installation program of a browser. When executing the installation program, an icon in the icon database is selected. The selected icon is stored in a storage unit which is inaccessible by any device other than the browser. The selected icon is displayed when executing the browser, and it is assigned a feature to indicate whether the current operation is secure.

This disclosure is based upon French Application No. 00/12954, filed onOct. 10, 2000 and International Application No. PCT/FR01/02814, filedSep. 11, 2001, the contents of which are incorporated herein byreference.

BACKGROUND OF THE INVENTION

The invention relates to networks which make it possible to performsecure transactions between the users of the network, in particularmonetary transactions and, more particularly, on the Internet, a methodfor protection against fraud in order to prevent a fraudster from givinga user the impression that the transaction in progress is secure, thisbeing, for example, with a view to extracting from said userconfidential information such as a bank card number, or supplying thepurchaser with inaccurate information.

On the Internet, more and more commercial sites offer securetransactions by using certificates which guarantee, to a certain extent,that the information the purchaser will enter on the screen on the siteof the vendor cannot be “stolen” by a third party to the transaction.This is achieved by establishing a signed and/or encrypted communicationbetween the vendor and the purchaser, for example using the SSLstandard.

When a vendor site is secure for the transaction to be performed, thisstate made known to the purchaser by visual characteristics of thebrowser which consist of:

-   -   the appearance of a closed padlock at the bottom of the browser        window, on the left, on the right or elsewhere according to the        browser used; and    -   the appearance, in the site address bar, of the letter “s” after        “http” in order to obtain “https” at the beginning of the        address.

For the purchaser, these visual characteristics are, in general, theonly proofs that the transaction to be performed will be secure. Thus, afraudster who wishes to “steal” the confidential information of apotential purchaser or, on the contrary, mislead them by presenting themwith false information, must make these visual characteristics appear ontheir vendor site so as to give the impression that the transaction tobe performed will be secure.

In the present state of operation of browsers, it is possible to makethese visual security characteristics appear in the absence of anysecurity by using a programming language, in particular those known bythe names “Java” or “ActiveX”.

This is because these languages make it possible to display, by means ofan “applet”, an image superimposed on that displayed by the browser andthus make the visual security characteristics appear with a view todeceiving the purchaser on the reality of the security.

In patent application No. 00 11801 filed by the Applicant on 15 Sep.2000, a method was described for preventing the superimposition of thisimage or these images in certain parts of the browser screen, inparticular in parts reserved for the visual security characteristics.

This superimposition is prevented by modifying the program of thebrowser or of the operating system or by the addition of a third programin order to determine whether the superimposed image affects these partsreserved for the visual security characteristics and to display an alarmmessage or take protective measures if such is the case.

In the case of the “Java” language, the modification of the program isperformed in the part of the “Java” virtual machine relating to securityby adding a new security rule.

More precisely, the method described in the aforementioned patentapplication comprises the following steps consisting in:

(a) determining at least one area of the screen where thesuperimposition of an image would lead to displaying to the visitor tothe site erroneous information relating to the security of thetransaction in progress;

(b) detecting if an image superimposition which is requested by a sitebeing looked at covers all or part of said area;

(c) continuing the transaction if the result of step (b) is negative; or

(d) undertaking a protective action such as displaying a warningmessage, disabling execution, making the content of the covered areaappear again somewhere else, etc. if the result of step (b) is positive.

The method which has just been described is based on the fact that thearea of the screen where the superimposition of an image would lead todisplaying to the visitor to the site erroneous information relating tothe security of the transaction in progress is known. Furthermore, theimage which this area of the screen must contain is also known to allsuch as an open or closed padlock.

These two aspects have led fraudsters to perform superimpositions ofsecurity images such as the padlock in particular areas of the screenassigned to that end by the browser program.

SUMMARY OF THE INVENTION

According to the method of the present invention, it is arranged thatthe security image or icon cannot be known to a possible fraudster and,consequently, said fraudster cannot superimpose it.

This is achieved by allowing the user to choose, randomly or not, theirsecurity icon from an icon database during installation of the browserprogram. Moreover, the graphical information corresponding to theselected icon is made inaccessible to any applets and programsdownloaded by the user. Finally, this icon will be displayed in a colourindicating the security status, for example “red” for a “non-secure”transaction, and “green” for a “secure” transaction.

The invention therefore relates to a method for improving the securityof transactions between the sites and the visitors to the sitesconnected by a network which is accessible by means of a browsingprogram capable of displaying superimposed images on the display screencoming from the site being looked at, characterised in that it comprisesthe following steps consisting in:

(a) creating in the browsing program installation program a databasecontaining a plurality of icons;

(b) selecting, during execution of the installation program, an iconfrom said icon database;

(c) recording this selected icon in a memory which is inaccessible tomeans other than those of the browsing program;

(d) displaying this selected icon during execution of the browsingprogram and assigning a characteristic to it for indicating that theoperation in progress is or is not secure.

The memory where the icon is recorded is of the non-volatile type, suchas the hard disk of the network access device; it is accessible to thebrowsing program but made inaccessible to means other than those of thebrowsing program.

The number of icons is very high, for example a million and more.Selection of the icon can be made randomly.

According to the invention, the position of the icon location on thescreen can also be selected from amongst a number of positions oraccording to a random selection.

The characteristic indicating the security state of the operation inprogress can consist of a different colour depending on whether thestate of the operation is secure or not, or a flashing of the icon inthe case of a non-secure state and the absence of flashing in the securestate.

The secure state can also be made known by the presence of the selectedicon in a given location, its absence—a blank—indicating a non-securestate.

The invention also relates to a network access device, characterised inthat it uses the method for improving the security of transactions asdefined above.

BRIEF DESCRIPTION OF THE DRAWINGS

Other characteristics and advantages of the present invention willemerge from a reading of the following description of one particularembodiment, said description being given in connection with theaccompanying drawings in which:

FIG. 1 is a simplified view of a browser screen showing that themonetary transaction to be performed will be secure;

FIG. 2 is a simplified view of a browser screen showing a superimposedimage giving the impression that the transaction is secure; and

FIG. 3 is a simplified view of a screen during the operations forinstalling a browser program having characteristics of the presentinvention.

DETAILED DESCRIPTION

On the Internet, for searching for information, use is made of programsreferred to as “browsers” such as those known by the names “Netscape”and “Internet Explorer”. These browsers cause the display of screenshaving a number of parts, each part being assigned to certainfunctionalities.

FIG. 1 gives a simplified view of such a screen in the case where theuser is requested to type their bank card number with a view to payingfor a purchase.

This screen comprises seven parts or horizontal areas which are:

-   -   a title bar 10;    -   a menu bar 12;    -   a first function bar 14;    -   a second function bar 16 having in particular an address area        26;    -   a third function bar 18;    -   a browser window 20;    -   a message bar 22 having in particular an area for a padlock 24.

Regarding a monetary transaction which must be secure, the securitycharacter is displayed as indicated in the introductory part, forexample:

-   -   by a closed padlock 24 in the area 22 at the bottom of the        screen in the case of the browser known by the name Netscape;    -   by the lower case letter “s” next to “http” in the area 16 and        more particularly in the address 26 of the site.

This security character can also be displayed at any other place on thebrowser screen in the form of a window containing all the securityinformation for the transaction in progress.

In the case of the browser known by the name Internet Explorer (FIG. 2),the closed padlock 28 is in the area 30 at the bottom of the screen buton the right.

However, in the case of FIG. 2, the closed padlock 28 forms part of asuperimposed image 32 which has the aim of giving the impression thatthe transaction is secure.

This superimposed image is obtained, for example, conventionally by an“applet” in “Java” language, or by any other language.

In order to perform such superimposition, the fraudster must know, onthe one hand, the security image or icon—the padlock—and, on the otherhand, the area of the screen where this icon must appear. A fraudsterknows these two elements of the browser program since they are common toall users of the browser.

The method of the invention consists in arranging that these twoelements, the icon and, optionally, the area of the screen where it isdisplayed, are not known and cannot be known to a possible fraudster.

To that end, during installation of the browser program by a user, astep of selecting a so-called security icon is provided in which theuser can choose an icon from amongst a large number of icons, forexample from a database of a million icons.

Instead of this free selection, a random selection can be provided whichis carried out by the installation program.

This random factor of the icon graphic can be doubled by a second randomfactor, that of the position of the icon on the browser screen.

Following this selection, the graphical information of the icon assignedto the user is recorded in a memory which is made inaccessible to anydownloaded applets and programs. This memory is of the non-volatiletype, such as the hard disk of the access device, and is accessible tothe browsing program but inaccessible to means other than those of thebrowsing program.

Furthermore, in a manner analogous to the open or closed padlock, thissecurity icon will be for example “red” in colour for a “non-secure”operation and “green” in colour for a “secure” operation.

Besides the colour of the icon for indicating the security state, theinvention makes provision for flashing of the icon if the state isnon-secure, the absence of flashing being interpreted as a secure state.

The security characteristic can consist of the presence of the icon in agiven position location to indicate the secure state, its absence in thelocation indicating the non-secure state.

The user of the browser program will become accustomed to this new iconso that a sudden change coming from a fraudster will inevitably attracttheir attention, which is the aim sought.

Furthermore, on account of this security icon not being known to apossible fraudster, they cannot create an applet which reproduces it.

In order to make this selection of a security icon, the browserinstallation program makes a selection screen appear (FIG. 3) in whichthe user chooses, for example, between two types of selection:

-   -   Free selection;    -   Random selection.

In the case of free selection being chosen, the following screendisplays an icon table, or a number of icon tables one followinganother, so as to allow the user to make their choice. As soon as thechoice has been made, the icon 50 is displayed in the part 22, forexample a guard dog.

In the case of random selection being chosen, the installation programrandomly makes this choice of a security icon, the graphic 50 of whichis displayed in the part 22. If the user does not like the graphic, theycan restart this random selection until an icon accepted by them isobtained.

The above description illustrates that the steps of the method consistin:

(a) creating in the browsing program installation program a databasecontaining a plurality of icons;

(b) selecting, during execution of the installation program, an iconfrom said icon database;

(c) recording this selected icon in a memory which is inaccessible tomeans other than those of the browsing program;

(d) displaying this selected icon during execution of the browsingprogram and assigning a characteristic to for indicating that theoperation in progress is or is not secure.

The memory where the icon is recorded is of the non-volatile type, suchas the hard disk of the network access device; it is accessible to thebrowsing program but made inaccessible to means other than those of thebrowsing program.

The invention also provides for the selection, random or not, of theposition of the icon location on the screen from amongst a number ofpositions. This selection of the position of the icon location can beimplemented during step (b), before or after selection of the icon.

1. A method for improving the security of transactions between networksites and the visitors to the sites by means of a browsing programcapable of displaying superimposed images on a display screen from thesite being visited, comprising the following steps: (a) providing adatabase containing a plurality of icons in an installation program forthe browser; (b) selecting, during execution of the installationprogram, an icon from said icon database; (c) recording the selectedicon in a memory which is inaccessible to means other than the browsingprogram; and (d) displaying the selected icon during execution of thebrowsing program with a characteristic that indicates whether anoperation in progress is secure.
 2. A method according to claim 1,wherein the number of icons in the database is of the order of a millionor more.
 3. A method according to claim 1 wherein the selection of anicon is made randomly by the installation program.
 4. A method accordingto claim 1, wherein said characteristic is a different colour of theicon depending on whether the state of the operation is secure or not.5. A method according to claim 1, wherein said characteristic is aflashing of the icon in the non-secure state and the absence of flashingof the icon in the secure state.
 6. A method according to claim 1,wherein said characteristic is the absence of the icon in a givenposition of the screen in the non-secure state and the presence of theicon in the secure state.
 7. A method according to claim 1, wherein step(b) also comprises a step of selection of a position of the iconlocation on the screen.
 8. A device for accessing a network to whichsites and visitors to the sites are connected in order to performtransactions between them, said device including a memory in which isstored a browser installation program having a database containing aplurality of icons and which is responsive to selection of one of saidicons to cause said device to perform the following operations:recording the selected icon in a memory which is inaccessible to meansother than the browsing program; and displaying the selected icon duringexecution of the browsing program with a characteristic that indicateswhether an operation in progress is secure.
 9. An access deviceaccording to claim 8, wherein the memory where the selected icon isrecorded is of the non-volatile type.
 10. An access device according toclaim 9, wherein the non-volatile type memory is a hard disk of theaccess device.
 11. An access device according to claim 8, wherein saidcharacteristic is a different colour of the icon depending on whetherthe state of the operation is secure or not.
 12. An access deviceaccording to claim 8, wherein said characteristic is a flashing of theicon in the non-secure state and the absence of flashing of the icon inthe secure state.
 13. An access device according to claim 8, whereinsaid characteristic is the absence of the icon in a given position ofthe screen in the non-secure state and the presence of the icon in thesecure state.